isabelle: src/HOL/Boogie/Examples/VCC_Max.thy@156e4f179bb0 (annotated)

33419 8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	1	(* Title: HOL/Boogie/Examples/VCC_Max.thy
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	2	Author: Sascha Boehme, TU Muenchen
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	3	*)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	4
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	5	header {* Boogie example from VCC: get the greatest element of a list *}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	6
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	7	theory VCC_Max
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	8	imports Boogie
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	9	begin
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	10
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	11	text {*
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	12	We prove correct the verification condition generated from the following
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	13	C code:
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	14
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	15	\begin{verbatim}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	16	#include "vcc.h"
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	17
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	18	typedef unsigned char byte;
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	19	typedef unsigned long ulong;
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	20
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	21	static byte maximum(byte arr[], ulong len)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	22	requires(wrapped(as_array(arr, len)))
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	23	requires (0 < len && len < (1UI64 << 40))
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	24	ensures (forall(ulong i; i<len ==> arr[i] <= result))
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	25	ensures (exists(ulong i; i<len && arr[i] == result))
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	26	{
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	27	byte max = arr[0];
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	28	ulong p;
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	29	spec(ulong witness = 0;)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	30
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	31	for (p = 1; p < len; p++)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	32	invariant(p <= len)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	33	invariant(forall(ulong i; i < p ==> arr[i] <= max))
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	34	invariant(witness < len && arr[witness] == max)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	35	{
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	36	if (arr[p] > max)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	37	{
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	38	max = arr[p];
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	39	speconly(witness = p;)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	40	}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	41	}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	42	return max;
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	43	}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	44	\end{verbatim}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	45	*}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	46
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	47	boogie_open (quiet) "~~/src/HOL/Boogie/Examples/VCC_Max"
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	48
34993 bf3b8462732b updated examples due to changes in the way SMT certificates are stored boehmes parents: 34068 diff changeset	49	declare [[smt_certificates="~~/src/HOL/Boogie/Examples/VCC_Max.certs"]]
36081 70deefb6c093 renamed "smt_record" to "smt_fixed" (somewhat more expressive) and inverted its semantics boehmes parents: 35153 diff changeset	50	declare [[smt_fixed=true]]
34993 bf3b8462732b updated examples due to changes in the way SMT certificates are stored boehmes parents: 34068 diff changeset	51
33419 8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	52	boogie_status
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	53
33445 f0c78a28e18e shorter names for variables and verification conditions, boehmes parents: 33419 diff changeset	54	boogie_vc maximum
34068 a78307d72e58 make assertion labels unique already when loading a verification condition, boehmes parents: 33445 diff changeset	55	using [[z3_proofs=true]]
a78307d72e58 make assertion labels unique already when loading a verification condition, boehmes parents: 33445 diff changeset	56	by boogie
33419 8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	57
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	58	boogie_end
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	59
35153 5e8935678ee4 include solver arguments as comments in SMT problem files (to distinguish different results from the same problem when caching results) boehmes parents: 34993 diff changeset	60	end

author	blanchet
	Thu, 22 Apr 2010 15:01:36 +0200
changeset 36288	156e4f179bb0
parent 36081	70deefb6c093
child 40163	a462d5207aa6
permissions	-rw-r--r--